UniFLOW Online Registration Vulnerability
CVE-2024-1621

7.5HIGH

Key Information:

Vendor: Nt-ware
Status: Uniflow Online
Vendor: CVE Published:; 2 September 2024

What is CVE-2024-1621?

The registration process of uniFLOW Online applications can be exploited when email login is activated for tenants. Tenants that combine email login with Microsoft Safe Links may face significant risks. This exploit enables an attacker to impersonate a legitimate user, registering themselves within the system and gaining similar access and permissions as the real user. Safeguarding against this vulnerability requires attention to the security settings and mitigation measures outlined by NT-ware.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

uniFLOW Online uniFLOW SmartClient 0 <= 2024.1.0 (including)

References

https://ntware.atlassian.net/wiki/spaces/SA/pages/1211321...

vendor-advisorymitigation

https://www.canon-europe.com/psirt/advisory-information/

vendor-advisorymitigation

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 2, 2024
Vulnerability Reserved
Feb 19, 2024

JSON

Nt-ware

What is CVE-2024-1621?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.